Plesk Plugin Issuing New Certificates Daily so Rate Limits Are Hit

I am trying to renew my certificate on my Plesk server.
My certificate expired two days ago.

I am getting the following error:
Error: Let’s Encrypt SSL certificate installation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert: Error creating new cert :: too many certificates already issued for exact set of domains: gitlab.micronited.de,www.gitlab.micronited.de. Type: urn:acme:error:rateLimited.

According to crt.sh, you successfully issued more than 5 certificates for the domains in question on May 9th, exceeding the rate limit of 5 duplicate certificates per week. It looks like some sort of broken automation - perhaps a bug in Plesk’s Let’s Encrypt client. If you have any logs or other details to share, someone might be able to help with this, though if it’s very Plesk-specific, you might have more luck talking to Plesk or asking in a Plesk-related forum.

You won’t be able to request another certificate for the same set of domains until May 16th (at around the time the first few certificates were issued). As a workaround, you could temporarily add another subdomain to the request, if that’s possible with Plesk. This would bypass the limit for duplicate certificates; there’s a separate limit of 20 certificates for your domain as a whole, but I don’t think you’ve hit that one yet.

I should mention that crt.sh reports that you’re requesting certificates for your main domain (micronited.de) daily as well. Certificates are typically only renewed every 60 days by well-behaving clients, so it appears that there’s some kind of issue with the automation here as well that you might want to look into to avoid running into other rate limits.

2 Likes

hi @Lusu

Plesk have their own plugin for Let’s Encrypt.

It’s written in PHP and is obfuscated. If you need further support I would suggest working with them

Explain that the plugin seems to be trying to issue certificates on a daily basis and not associating (or downloading) new certificates correctly.

They should tell you where to check and where the logs are

Andrei

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.